The hardware we use today is unreliable and leaky. Bit flips plague a substantial part of today's memory hardware, and a variety of side channels leak sensitive information about the system. In this talk, I will briefly describe how we turned Rowhammer bit flips into practical exploitation vectors compromising browsers, clouds and mobile phones. I will then present a new side-channel attack that uses the traces the processor's memory management unit leaves in its data and instruction caches to derandomize secret pointers from JavaScript. This attack is very powerful: it breaks address-space layout randomization (ASLR) in the browser on all 22 modern CPU architectures that we tried in only tens of seconds, and it is not easy to fix. It is time to rethink our reliance on ASLR as a basic security mechanism in sandboxed environments such as JavaScript.

Bio:

Kaveh Razavi is starting as an assistant professor in the VUSec group of Vrije Universiteit Amsterdam next year. Besides building systems, he is currently mostly interested in the security implications of unreliable and leaky general-purpose hardware. He regularly publishes at top systems and systems security venues, and his research has won multiple industry and academic awards, including different Pwnies and the CSAW applied best research paper. In the past, he built network and storage stacks for rack-scale computers at Microsoft Research (2014-2015), worked on the scalability issues of cloud virtual machines for his PhD (2012-2015) and hacked on Barrelfish as a master's student (2010-2011)!